Last active
July 14, 2021 19:09
-
-
Save cm-iwaki/53afee67f3750bf69d78d4e941f1c7b4 to your computer and use it in GitHub Desktop.
VPC endpoint for Amazon SES SMTP endpoint.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_version = ">= 0.12" | |
| backend "s3" { | |
| bucket = "<bucket name>" | |
| key = "terraform.tfstate" | |
| region = "ap-northeast-1" | |
| encrypt = true | |
| acl = "bucket-owner-full-control" | |
| } | |
| } | |
| provider "aws" { | |
| region = "us-west-2" | |
| } | |
| #------------------------------------------------------------------------------ | |
| # VPC | |
| #------------------------------------------------------------------------------ | |
| resource "aws_vpc" "test_vpc" { | |
| cidr_block = "10.0.0.0/16" | |
| enable_dns_hostnames = true | |
| tags = { | |
| Name = "test_vpc" | |
| } | |
| } | |
| #------------------------------------------------------------------------------ | |
| # Private Subnet | |
| #------------------------------------------------------------------------------ | |
| resource "aws_subnet" "test_pri_subnet" { | |
| vpc_id = aws_vpc.test_vpc.id | |
| cidr_block = "10.0.0.0/24" | |
| availability_zone = "us-west-2a" | |
| tags = { | |
| Name = "test_pri_subnet" | |
| } | |
| } | |
| #------------------------------------------------------------------------------ | |
| # Route Table | |
| #------------------------------------------------------------------------------ | |
| resource "aws_route_table" "test_rtb_pri" { | |
| vpc_id = aws_vpc.test_vpc.id | |
| tags = { | |
| Name = "test_rtb_pri" | |
| } | |
| } | |
| #------------------------------------------------------------------------------ | |
| # Assosiation for test_rtb_pri | |
| #------------------------------------------------------------------------------ | |
| resource "aws_route_table_association" "test_rtb_pri" { | |
| route_table_id = aws_route_table.test_rtb_pri.id | |
| subnet_id = aws_subnet.test_pri_subnet.id | |
| } | |
| #------------------------------------------------------------------------------ | |
| # Security Group for ec2 | |
| #------------------------------------------------------------------------------ | |
| resource "aws_security_group" "ec2_sg" { | |
| name = "ec2_sg" | |
| vpc_id = aws_vpc.test_vpc.id | |
| description = "ec2_sg" | |
| egress { | |
| from_port = 0 | |
| protocol = "-1" | |
| to_port = 0 | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| tags = { | |
| Name = "ec2_sg" | |
| } | |
| } | |
| #------------------------------------------------------------------------------ | |
| # Security Group for vpcendpoint | |
| #------------------------------------------------------------------------------ | |
| resource "aws_security_group" "vpce_sg" { | |
| name = "vpce_sg" | |
| vpc_id = aws_vpc.test_vpc.id | |
| description = "vpce_sg" | |
| ingress { | |
| from_port = 443 | |
| to_port = 443 | |
| protocol = "tcp" | |
| cidr_blocks = [aws_vpc.test_vpc.cidr_block] | |
| } | |
| ingress { | |
| from_port = 25 | |
| to_port = 25 | |
| protocol = "tcp" | |
| cidr_blocks = [aws_vpc.test_vpc.cidr_block] | |
| } | |
| ingress { | |
| from_port = 465 | |
| to_port = 465 | |
| protocol = "tcp" | |
| cidr_blocks = [aws_vpc.test_vpc.cidr_block] | |
| } | |
| ingress { | |
| from_port = 587 | |
| to_port = 587 | |
| protocol = "tcp" | |
| cidr_blocks = [aws_vpc.test_vpc.cidr_block] | |
| } | |
| ingress { | |
| from_port = 2465 | |
| to_port = 2465 | |
| protocol = "tcp" | |
| cidr_blocks = [aws_vpc.test_vpc.cidr_block] | |
| } | |
| ingress { | |
| from_port = 2587 | |
| to_port = 2587 | |
| protocol = "tcp" | |
| cidr_blocks = [aws_vpc.test_vpc.cidr_block] | |
| } | |
| egress { | |
| from_port = 0 | |
| protocol = "-1" | |
| to_port = 0 | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| tags = { | |
| Name = "vpce_sg" | |
| } | |
| } | |
| #------------------------------------------------------------------------------ | |
| # EC2 | |
| #------------------------------------------------------------------------------ | |
| data "aws_ami" "amazon_linux_2" { | |
| most_recent = true | |
| filter { | |
| name = "name" | |
| values = ["amzn2-ami-hvm-*-x86_64-gp2"] | |
| } | |
| owners = ["137112412989"] | |
| } | |
| resource "aws_instance" "test_ec2" { | |
| ami = data.aws_ami.amazon_linux_2.id | |
| iam_instance_profile = aws_iam_role.test_ec2_role.name | |
| instance_type = "t2.small" | |
| subnet_id = aws_subnet.test_pri_subnet.id | |
| tags = { | |
| "Name" = "test_ec2" | |
| } | |
| vpc_security_group_ids = [aws_security_group.ec2_sg.id] | |
| } | |
| #------------------------------------------------------------------------------ | |
| # IAM Role | |
| #------------------------------------------------------------------------------ | |
| resource "aws_iam_role" "test_ec2_role" { | |
| assume_role_policy = jsonencode( | |
| { | |
| Statement = [ | |
| { | |
| Action = "sts:AssumeRole" | |
| Effect = "Allow" | |
| Principal = { | |
| Service = "ec2.amazonaws.com" | |
| } | |
| }, | |
| ] | |
| Version = "2012-10-17" | |
| } | |
| ) | |
| name = "test_ec2_role" | |
| tags = { | |
| "Name" = "test_ec2_role" | |
| } | |
| } | |
| resource "aws_iam_role_policy_attachment" "test_ec2_role" { | |
| role = aws_iam_role.test_ec2_role.name | |
| policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | |
| } | |
| resource "aws_iam_instance_profile" "test_ec2_role" { | |
| name = "test_ec2_role" | |
| role = aws_iam_role.test_ec2_role.name | |
| } | |
| #------------------------------------------------------------------------------ | |
| # VPC endpoint for Session Manager | |
| #------------------------------------------------------------------------------ | |
| resource "aws_vpc_endpoint" "ssm_vpce" { | |
| security_group_ids = [aws_security_group.vpce_sg.id] | |
| service_name = "com.amazonaws.us-west-2.ssm" | |
| vpc_endpoint_type = "Interface" | |
| subnet_ids = [aws_subnet.test_pri_subnet.id] | |
| private_dns_enabled = true | |
| tags = { | |
| "Name" = "ssm_vpce" | |
| } | |
| vpc_id = aws_vpc.test_vpc.id | |
| } | |
| resource "aws_vpc_endpoint" "ssmmessages_vpce" { | |
| security_group_ids = [aws_security_group.vpce_sg.id] | |
| service_name = "com.amazonaws.us-west-2.ssmmessages" | |
| vpc_endpoint_type = "Interface" | |
| subnet_ids = [aws_subnet.test_pri_subnet.id] | |
| private_dns_enabled = true | |
| tags = { | |
| "Name" = "ssmmessages_vpce" | |
| } | |
| vpc_id = aws_vpc.test_vpc.id | |
| } | |
| resource "aws_vpc_endpoint" "ec2messages_vpce" { | |
| security_group_ids = [aws_security_group.vpce_sg.id] | |
| service_name = "com.amazonaws.us-west-2.ec2messages" | |
| vpc_endpoint_type = "Interface" | |
| subnet_ids = [aws_subnet.test_pri_subnet.id] | |
| private_dns_enabled = true | |
| tags = { | |
| "Name" = "ec2messages_vpce" | |
| } | |
| vpc_id = aws_vpc.test_vpc.id | |
| } | |
| #------------------------------------------------------------------------------ | |
| # VPC endpoint for SMTP endpoint | |
| #------------------------------------------------------------------------------ | |
| resource "aws_vpc_endpoint" "email_vpce" { | |
| security_group_ids = [aws_security_group.vpce_sg.id] | |
| service_name = "com.amazonaws.us-west-2.email-smtp" | |
| vpc_endpoint_type = "Interface" | |
| subnet_ids = [aws_subnet.test_pri_subnet.id] | |
| private_dns_enabled = true | |
| tags = { | |
| "Name" = "email_vpce" | |
| } | |
| vpc_id = aws_vpc.test_vpc.id | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment